Live Forms has a plugable security framework and offers a variety of built-in Security Managers. If you use the Live FormsDefault Security Manager, a tenant admin can create users and roles directly in your Live Forms tenants. See the Manage Users and the Manage Roles for instructions on creating users and roles. Note that with LDAP Security Manager and Delegating Security Manager, groups are the equivalent of Live Forms roles.

Live Forms also supports two types of LDAP Security Managers that pull users and groups from your external Active Directory or Open LDAP system; a Delegating Security Manager when you are integrating Live Forms with Confluence; a SAML Security manager that allows enterprises to take advantage of Internet Single sign On and custom security managers that lets you integrate with a security manager that you build yourself.

frevvo Security Managers are an Add on feature with additional costs.

frevvo only supports/certifies Security Managers when Live Forms is running in the Apache Tomcat container. Refer to our Supported Platforms for the list of Application Servers supported/certified by frevvo.

frevvo Default Security Manager - Live Forms is responsible for authentication/authorization and managing users/roles. This is the default option. Your tenant will be created with this security manager if no other choice is selected.

SAML Security Manager - This security manager allows the exchange of authentication and authorization data between an identity provider of your choice (ex:Shiboleth) and a service provider (frevvo). SSO is supported. Although this security manager can be used on-premise it is primarily meant for cloud tenants who use LDAP but do not want to expose it over the internet.

Azure SAML Security Manager - This security manager uses SAML in Authentication Only mode and the Active Directory available in the Microsoft Cloud solution, Azure. Integration with the Azure API enables Live Forms queries. On-premise AD services can be exposed via Azure providing a clean way to integrate with the frevvo cloud.

Custom - Container managed security manager used when there is a requirement for a container to handle authentication.

Which Security Manager do I choose?

Many frevvo customers use the Default Security Manager. All tenants are initially created with this Security Manager. It is the simplest security manager because it does not require integration with an external IDP. Users/roles are managed by the tenant admin.

Live Forms offers additional Security Managers, implemented to industry standards, that may be more compatible with your environment. You must have the expertise for setting up your security infrastructure in such a way that whatever choice you make (cloud, ldap, saml, azure) is in fact secure and in compliance with any/all of your auditing requirements.

Selecting a Security Manager for your Live Forms tenant is a very important decision. The table helps you make the choice.

No - if “auth only” mode selected - Users/Roles must be created in your tenant manually. The CSV upload is a good way to do this.

Partial sync if discovery mode ( “auth only” off). User details and user’s roles are automatically discovered each time the user logs into the tenant. Thus the tenant can get out of sync with your IDP therefore manual or automated csv uploads on a regular basis are still recommended.

No - if the visibility of the form is set to Authenticated Users (login required) and the user is NOT already authenticated to SAML. This is because frevvo must direct the user to the IDP login screen and the browser will not allow loading the IDP login page in frevvo's form iframe.

No - if the visibility of the form is set to Authenticated Users (login required) and the user is NOT already authenticated to SAML. This is because frevvo must direct the user to the IDP login screen and the browser will not allow loading the IDP login page in frevvo's form iframe.

What does frevvo support?

Microsoft AD, Open LDAP

Shibboleth, ADFS, Okta, Centrify, Google and any other software that implements the SAML 2.0 protocol

There is no other implementation of Azure AD then Azure AD

What does frevvo certify?

Microsoft AD

none

Azure AD

Do you need your own Configuration Specialist for your IDP

Yes

Yes

Yes

Changing the Security Manager for your Tenant

Live Forms trial tenants are configured with the default security manager. Once you have purchased a license for your Live Forms tenant the original security manager can be changed. This allows you to keep the submissions and the name of your existing tenant.

Tenants using the Default Security Manager can be migrated to:

Default Security Manager → LDAP

Default Security Manager → SAML

Default Security Manager → Azure SAML

Tenants using the LDAP Security Manager can migrate to:

LDAP → SAML

LDAP → Azure SAML

Cloud customers, planning to switch the Security Manager of your tenant from the default to the LDAP, SAML or Azure SAML Security Managers or a tenant using the SAML security manager on a trial basis should contact sales@frevvo.com to initiate the process.

If you are planning on changing the Security Manager from the Default Security Manager to LDAP(s), SAML or Azure SAML, and you want to preserve Applications/Forms/Flows developed in your trial/starter frevvo tenant, here's what we recommend:

Make sure the users created in the Default Security Manager tenant have the same user names as the users in your Active Directory or IDP.

Download the Applications/Forms/Flows that you want to preserve to your desktop as a backup BEFORE changing the Security Manager.

Live Forms customers should be aware that changing the Security Manager of your tenant is a ONE-WAY operation. Once you click the Change button, you cannot revert back to the original security manager.